CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1801 CVE-2018-21072 125 Exec Code 2020-04-08 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018).
1802 CVE-2018-21071 200 +Info 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018).
1803 CVE-2018-21069 200 +Info 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-11852 (July 2018).
1804 CVE-2018-21068 20 2020-04-08 2020-04-09
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018).
1805 CVE-2018-21067 200 +Info 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018).
1806 CVE-2018-21066 120 Overflow Mem. Corr. 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018).
1807 CVE-2018-21065 191 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018).
1808 CVE-2018-21064 120 Overflow 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018).
1809 CVE-2018-21063 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).
1810 CVE-2018-21062 287 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018).
1811 CVE-2018-21061 276 2020-04-08 2020-04-10
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018).
1812 CVE-2018-21060 200 +Info 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is a Keyboard learned words leak in the locked state via the emergency contact picker. The Samsung IDs are SVE-2018-11989, SVE-2018-11990 (September 2018).
1813 CVE-2018-21059 200 +Info 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard content visibility in the locked state via the emergency contact picker. The Samsung ID is SVE-2018-11806 (September 2018).
1814 CVE-2018-21057 787 Overflow 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018).
1815 CVE-2018-21056 200 +Info 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018).
1816 CVE-2018-21053 200 +Info 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018).
1817 CVE-2018-21052 119 Exec Code Overflow 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018).
1818 CVE-2018-21051 74 Exec Code 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018).
1819 CVE-2018-21050 120 Exec Code Overflow 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).
1820 CVE-2018-21049 787 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018).
1821 CVE-2018-21048 200 +Info 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018).
1822 CVE-2018-21047 862 Bypass 2020-04-08 2020-04-09
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Factory Reset Protection (FRP) bypass via the voice assistant because Internet access begins before the Setup Wizard finishes. The Samsung ID is SVE-2018-12894 (November 2018).
1823 CVE-2018-21046 862 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) software. There is clipboard Data Exposure via the Emergency Dialer upon connecting a USB device. The Samsung ID is SVE-2018-12911 (November 2018).
1824 CVE-2018-21045 200 +Info 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018).
1825 CVE-2018-21044 120 Exec Code Overflow 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs are SVE-2018-13230, SVE-2018-13231, SVE-2018-13232, SVE-2018-13233 (December 2018).
1826 CVE-2018-21042 862 Exec Code 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 (December 2018).
1827 CVE-2018-21041 306 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018).
1828 CVE-2018-21039 863 Bypass 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018).
1829 CVE-2018-21038 287 Bypass 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018).
1830 CVE-2018-15835 732 2018-11-30 2020-08-24
5.0
None Remote Low Not required Partial None None
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.
1831 CVE-2018-13893 119 Overflow 2019-02-11 2019-02-12
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.
1832 CVE-2018-13889 416 2019-02-11 2019-02-12
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed
1833 CVE-2018-12014 476 2019-02-11 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.
1834 CVE-2018-12011 908 2019-02-11 2020-08-24
2.1
None Local Low Not required Partial None None
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.
1835 CVE-2018-12010 787 Overflow Mem. Corr. 2019-02-11 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.
1836 CVE-2018-12006 200 +Info 2019-02-11 2019-02-12
2.1
None Local Low Not required Partial None None
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.
1837 CVE-2018-11995 119 Overflow 2018-11-27 2018-12-21
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image.
1838 CVE-2018-11988 416 2018-12-20 2019-01-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed.
1839 CVE-2018-11987 415 2018-12-20 2019-01-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.
1840 CVE-2018-11986 119 Overflow 2018-12-20 2019-01-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver.
1841 CVE-2018-11985 190 Overflow 2018-12-20 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.
1842 CVE-2018-11984 416 2018-12-20 2019-01-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.
1843 CVE-2018-11983 416 2018-12-20 2019-01-09
4.6
None Local Low Not required Partial Partial Partial
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table.
1844 CVE-2018-11965 269 2018-12-20 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties.
1845 CVE-2018-11964 732 2018-12-20 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue.
1846 CVE-2018-11963 125 2018-12-20 2019-01-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver.
1847 CVE-2018-11962 416 2019-02-11 2019-02-12
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.
1848 CVE-2018-11961 119 Overflow 2018-12-20 2019-01-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations.
1849 CVE-2018-11960 416 2018-12-20 2019-01-09
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel.
1850 CVE-2018-11956 2018-11-27 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper mounting lead to device node and executable to be run from /dsp/ which presents a potential security issue.
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 (This Page)38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.